Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment Re:"Master" keys? (Score 1) 148

So with the key, your hidden urls would turn back to plain text months, years later via a stored server/logs.

URLs in transit over HTTPS are encrypted, but once they hit the server logs, they are stored in plain text along with any other data configured to be logged (unless on an encrypted volume, but that's outside the control of the web server software).

Comment Re:Time to replace the HTTP protocol (Score 1) 148

Key exchange is not performed over HTTP - it is performed by SSL or TLS (or whatever encryption protocol is being used). Even then, the public key exchange and encryption that is set up by the handshake is to set up a secure connection for exchanging symmetrical keys. Then the entire payload (whether it be HTTP, FTPS, or other application protocol) is encrypted. Asymmetric (key pairs) encryption/decryption is expensive, which is why symmetric keys are generated and used.

Comment Re:Self signed certs (Score 1) 148

The signing happens on the PUBLIC key, not the private. They can still give their private key to the NSA, who can use it regardless of who signed the public key.

The public key of the certificate is signed by the private key of the CA. In a self-signed scenario, I own the private key of the CA and I own the private key of the certificate. I'd have to give one of those up to make your scenario work.

Comment Re:Ah Slashdot: Reap what you sow (Score 1) 480

Ownership and copyright may be about getting credit, but getting credit is not always about ownership and copyright - some times it's just about getting credit. Unfortunately, people are sometimes driven to using ownership and copyright to maintain proper attribution.

Comment It depends ... (Score 2) 623

on the definition of "program". To preface, I'm not a programmer, but I can write basic code. I did Apple BASIC in elementary and middle school. Dabbled in Pascal, C, and VBA in college. I would plant my "learned how to program" flag in my last year of college, when my roommates and I downloaded Slackware floppy images over a modem, downloaded Merc 2.2 source code, learned to compile it, then rewrote 80% of the code.

Comment Re:Anything to get more customers (Score 1) 716

No, Google does not have the right to have advertising. They do have the right to insert advertising content into their data streams as it is content they host. The consumer has the right whether they view the advertising (or run software to remove the advertising).

Whether or not MS is in the right on this is a gray area for me, but I'm in their corner for making something their consumers will likely want (even if their motivation wasn't to meet their consumer demand).

Comment Where'd the malicious links come from? (Score 2) 157

From the article:

Malicious links embedded in the Department of Labor website focused on webpages that dealt with illnesses suffered by employees and contractors developing atomic weapons for the Department of Energy.

So in addition to the 0-day exploit found in IE, what was exploited to put malicious links on the web site?

Slashdot Top Deals

"Even if you're on the right track, you'll get run over if you just sit there." -- Will Rogers